From Linux-VServer

The nice thing of the Openwall security patches are that they apply very cleanly together with the vserver patches. No rediffing or manually applying is necesaary, making them more reliable in my eyes. Since I don't use the ACLs of grsec this works just as fine in my opinion.

I've been using them together for a few months now without any issues.

The procedure is very simple. Before you apply the vserver (ctx) patch, you apply the openwall patch. An example would be like this: